Free Tools: The Best Free Tools of 2013? – community.rapid7.com
This post will cover a few of the best freebies released last year, and how they are used by information security team members, to make their day-to-day lives easier.

VoIP Attacks: Skype Proof of Concept Released – blog.mdsec.co.uk
In October 2013, Dominic Chell and Shaun Colley presented their research and proof-of-concept tool for traffic analysis of encrypted VoIP streams. They focused on Skype as a case study.

Tools

Windbgshark – code.google.com
This project includes an extension for the windbg debugger as well as a driver code, which allow you to manipulate the virtual machine network traffic and to integrate the wireshark protocol analyzer with the windbg commands.

SI6 Networks’ IPv6 Toolkit – si6networks.com
The SI6 Networks’ IPv6 toolkit v1.5.2 is available now. The SI6 Networks’ IPv6 toolkit is a set of IPv6 security/trouble-shooting tools, that can send arbitrary IPv6-based packets.

Bully – github.com
Bully is a new implementation of the WPS brute force attack, written in C. It is conceptually identical to other programs, in that it exploits the (now well known) design flaw in the WPS specification.

Techniques

TrueCrypt Master Key Extraction And Volume Identification – volatility-labs.blogspot.com
What’s described here is not a vulnerability in TrueCrypt. Volatility Labs don’t intend to cause mass paranoia or discourage readers from using the TrueCrypt software. Their best advice to people seeking to keep data secure and private is to read the TrueCrypt documentation carefully, so you’re aware of the risks.

Powershell Reconnaissance – trustedsec.com
This post is a simple introduction to Powershell and a demonstration of a couple of useful ways it can be utilized during the information gathering stages of a pentest.

Fetching JBoss MBean method hashes – forelsec.blogspot.com
Matasano published one of two canonical papers on JBoss exploitation. While working on a fresh new tool, Drone came across the JMXInvokerServlet technique, which uses serialized Java requests to deploy to remote MBeans. This uses a specific object hash to route the JMX request to the correct MBean.

Application Whitelist Bypass Using IEexec.exe – room362.com
In this document you’ll learn that even if a host is in a mode where only trusted approved applications can run. IEexec.exe can be used in certain situations to circumvent a Whitelist, since it is likely a trusted binary, since it is signed by Microsoft.

Vulnerabilities

Bug Exposes IP Cameras, Baby Monitors – krebsonsecurity.com
A bug in the software that powers a broad array of Webcams, IP surveillance cameras and baby monitors made by Chinese camera giant Foscam allows anyone with access to the device’s Internet address to view live and recorded video footage, KrebsOnSecurity has learned.

Linksys & Netgear Backdoor by The Numbers – skizzlesec.com
When a major backdoor or ZeroDay starts to make headlines, we think that hundreds of thousands, maybe millions of users, are affected by that vulnerability. With this in mind MaxRoger set out to answer the question, “How bad is it?”

Explaining security issues with healthcare.gov – trustedsec.com
This blog post was written by David Kennedy – CEO of TrustedSec. He recently testified in front of Congress last week to the House and Science Committee on the issues still plaguing the website.

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.